package org.tianff.security.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.tianff.security.CustomUserService;


@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter{//1

	@Autowired
	CustomUserService userService;
	
	@Override
	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
		auth.userDetailsService(userService); //3
	}
	
	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http.authorizeRequests()
				        .antMatchers("/css/**","/fonts/**","/js/**","/img/**").permitAll()
				        .antMatchers("/login/*").permitAll()
						.anyRequest().authenticated() //4
						.and()
						.formLogin()
							.loginPage("/login")
				            .successForwardUrl("/")
							.failureUrl("/login?error")
							.permitAll() //5
						.and()
						.logout().permitAll(); //6
	}

}
